From 29734b6bd7ca1c528723c29559e8ef63944e1411 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Mon, 28 Apr 2025 20:20:46 +0200 Subject: [PATCH 01/12] Add `amule` and enable on `sisko` --- hosts/sisko/default.nix | 1 + modules/amule/default.nix | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 modules/amule/default.nix diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index 9542bc1..50e3cc2 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -33,6 +33,7 @@ "arr" "zerotier" "mosh" + "amule" ] ++ [ ./disko.nix diff --git a/modules/amule/default.nix b/modules/amule/default.nix new file mode 100644 index 0000000..9752f8f --- /dev/null +++ b/modules/amule/default.nix @@ -0,0 +1,34 @@ +{ config, lib, ... }: +{ + users.users.amule = { + isSystemUser = true; + group = "amule"; + extraGroups = [ "amule" ]; + home = config.services.amule.dataDir; + }; + + users.groups.amule = { }; + services.amule = { + dataDir = "/mnt/hd/amule"; + enable = true; + user = "amule"; + }; + + # sometimes the service crashes with a segfeault without any reason... + systemd.services.amuled.serviceConfig.Restart = lib.mkForce "always"; + + environment.persistence."/persist".directories = [ + config.services.amule.dataDir + ]; + + networking.firewall = { + allowedTCPPorts = [ 4662 ]; + allowedUDPPortRanges = [ + { + from = 4665; + to = 4672; + } + ]; + }; + +} From c745986ef41b610bac12e336a733f9cb810c4917 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Mon, 28 Apr 2025 20:20:57 +0200 Subject: [PATCH 02/12] `amarr` module WIP --- modules/amarr/default.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 modules/amarr/default.nix diff --git a/modules/amarr/default.nix b/modules/amarr/default.nix new file mode 100644 index 0000000..0412243 --- /dev/null +++ b/modules/amarr/default.nix 
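Review bot: In the new `modules/amule/default.nix`, `Restart = lib.mkForce "always"` hides unexplained segfaults in a daemon that the same hunk exposes on TCP 4662 and UDP 4665-4672, so a crash caused by malformed peer traffic would be restarted silently rather than investigated. Because the process parses untrusted P2P input, I would confine the unit alongside the restart policy, e.g. `NoNewPrivileges = true;`, `ProtectSystem = "strict";` and `ReadWritePaths = [ config.services.amule.dataDir ];` under `systemd.services.amuled.serviceConfig` (to be checked against what the upstream unit writes), and add a `RestartSec` so a crash loop is rate-limited and visible in the journal. The firewall entries apply to every interface; whether that is intended depends on how sisko is connected, which the patch does not show. `extraGroups = [ "amule" ]` repeats the primary `group` and can be dropped.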
@@ -0,0 +1,23 @@ +args@{ lib, pkgs, ... }: +let + pkgs = builtins.getFlake "github:NixOS/nixpkgs/d278c7bfb89130ac167e80d2250f9abc0bede419"; + amarr = pkgs.legacyPackages.${args.pkgs.system}.amarr; +in +{ + systemd.services.amarr = { + description = "amarr"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + User = "root"; + Type = "oneshot"; + ExecStart = lib.getExe amarr; + }; + environment = { + AMULE_HOST = "localhost"; + AMULE_PORT = "4712"; + AMULE_PASSWORD = ""; + }; + }; + +} From 8609d6341311e801dfbcbfef1a9bccfcc1e5a6a1 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Mon, 28 Apr 2025 20:52:22 +0200 Subject: [PATCH 03/12] Enable `power-profiles-daemon` for `pike` --- hosts/pike/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/pike/default.nix b/hosts/pike/default.nix index 1a7e3ab..d699e49 100644 --- a/hosts/pike/default.nix +++ b/hosts/pike/default.nix @@ -157,6 +157,8 @@ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.enableRedistributableFirmware = lib.mkDefault true; + services.power-profiles-daemon.enable = true; + hardware.graphics = { enable = true; enable32Bit = true; From 7792eead8dd415671ddecf477e65613a1cd17711 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Mon, 28 Apr 2025 21:06:40 +0200 Subject: [PATCH 04/12] Update `ccr-ssh` key --- lib/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/default.nix b/lib/default.nix index 724e0cf..4330d49 100644 --- a/lib/default.nix +++ b/lib/default.nix 
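Review bot: The `amarr` unit runs with `User = "root"` and `AMULE_PASSWORD = ""`, so a binary taken from a separately pinned nixpkgs runs fully privileged, and the aMule control connection on port 4712 is presumably usable by any local process. Nothing visible in the hunk needs root; `DynamicUser = true;` in place of the `User` line would be the lower-privilege default. Once a real password is set it should not live in `environment`, because unit environment values end up in the world-readable Nix store; load it at runtime with `EnvironmentFile = "<path-to-secret-file>";` (placeholder) instead. `builtins.getFlake` with a bare rev also sits outside `flake.lock`, so this input is not covered by the lock update in PATCH 12/12. `Type = "oneshot"` looks wrong if amarr is meant to keep running, which is worth confirming.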
@@ -1,7 +1,7 @@ { keys = { users = { - ccr-ssh = "ssh-rsa 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 andrea.ciceri@autistici.org"; + ccr-ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIm9Sl/I+5G4g4f6iE4oCUJteP58v+wMIew9ZuLB+Gea"; oneplus8t = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8da1Mf11vXFF0kVDgxocVoGwpHHMEs9emS9T+v8hLb oneplus8t"; hercules-ci-agent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPupm00BiveTIYF6CNwuMijF5VvEaPDMjvt+vMlAy+N hercules-ci-agent"; }; From af7de46bf5bb0c1d084f9b91e7e77c38c539087e Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Mon, 28 Apr 2025 22:22:02 +0200 Subject: [PATCH 05/12] Fix `adguard-home` and use both for DNS and DHCP --- modules/adguard-home/default.nix | 34 ++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/modules/adguard-home/default.nix b/modules/adguard-home/default.nix index 4020c07..8c4451e 100644 --- a/modules/adguard-home/default.nix +++ b/modules/adguard-home/default.nix @@ -1,18 +1,40 @@ -{ config, ... }: +{ config, lib, ... }: { services.adguardhome = { enable = true; - port = 3000; mutableSettings = true; settings = { - openFirewall = true; + dhcp = { + enabled = true; + interface_name = "enP4p65s0"; + + dhcpv4 = { + gateway_ip = "10.1.1.1"; + range_start = "10.1.1.2"; + range_end = "10.1.1.255"; + subnet_mask = "255.255.255.0"; + }; + }; + dns = { + upstream_dns = [ + "https://dns10.quad9.net/dns-query" + ]; + + bind_hosts = [ + "127.0.0.1" + "10.1.1.2" + ]; + }; }; }; - networking.firewall.allowedTCPPorts = [ - 3000 + + systemd.services.adguardhome.serviceConfig.DynamicUser = lib.mkForce false; + + networking.firewall.allowedUDPPorts = [ 53 + 67 ]; - networking.firewall.allowedUDPPorts = [ 53 ]; + networking.firewall.allowedTCPPorts = [ 53 ]; environment.persistence."/persist".directories = [ "/var/lib/AdGuardHome" ]; From 350c745cf1260ce934363a7fffa771a787867db1 Mon Sep 17 00:00:00 2001 
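Review bot: The replacement `ccr-ssh` entry drops the trailing comment that the removed RSA line and the two neighbouring keys (`oneplus8t`, `hercules-ci-agent`) carry, which makes it harder to tell whose key this is when auditing the `authorized_keys` files generated from it. I would keep the key material unchanged and append an identifying comment inside the string, e.g. `... <owner-or-device>";` (placeholder). The move from RSA to Ed25519 itself is fine. The `keys` attribute set continues outside the hunk.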
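Review bot: `systemd.services.adguardhome.serviceConfig.DynamicUser = lib.mkForce false` leaves the unit without a dedicated account, so unless a `User` is set elsewhere the DNS and DHCP server that this hunk opens on ports 53 and 67 runs as root. If the goal is a state directory that is easy to persist (PATCH 08/12 adds a comment to that effect), a static unprivileged user owning `/var/lib/AdGuardHome` would achieve that without giving a network-facing parser full privileges. Separately, the pool from `range_start = "10.1.1.2"` to `range_end = "10.1.1.255"` includes the address listed in `bind_hosts` and the /24 broadcast address; `range_start = "10.1.1.3";` and `range_end = "10.1.1.254";` avoid both. `mutableSettings = true` also means edits made in the web UI can diverge from what is declared here.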
From: Andrea Ciceri Date: Mon, 28 Apr 2025 22:22:17 +0200 Subject: [PATCH 06/12] Enable `adguard-home` on `sisko` --- hosts/sisko/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index 50e3cc2..0beb993 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -34,6 +34,7 @@ "zerotier" "mosh" "amule" + "adguard-home" ] ++ [ ./disko.nix From ddd85e4830e9bb5a6228944f5625da8bf72a340f Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Tue, 29 Apr 2025 11:06:45 +0200 Subject: [PATCH 07/12] Disable `promtail` on `sisko` --- hosts/sisko/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index 0beb993..3d3fd83 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -21,7 +21,6 @@ "grafana" "prometheus-exporters" "loki" - "promtail" "restic" "atuin" "immich" From 599690ede5fc31ae6e4c133cd0ffa152ab873e4e Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Tue, 29 Apr 2025 11:06:59 +0200 Subject: [PATCH 08/12] Fix DHCP server --- modules/adguard-home/default.nix | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/modules/adguard-home/default.nix b/modules/adguard-home/default.nix index 8c4451e..4a472a2 100644 --- a/modules/adguard-home/default.nix +++ b/modules/adguard-home/default.nix @@ -1,4 +1,7 @@ { config, lib, ... }: +let + interface = "enP4p65s0"; +in { services.adguardhome = { enable = true; @@ -6,7 +9,7 @@ settings = { dhcp = { enabled = true; - interface_name = "enP4p65s0"; + interface_name = interface; dhcpv4 = { gateway_ip = "10.1.1.1"; @@ -28,6 +31,7 @@ }; }; + # otherwise it creates a directory in /var/lib/private which can't be easily persisted systemd.services.adguardhome.serviceConfig.DynamicUser = lib.mkForce false; networking.firewall.allowedUDPPorts = [ 
@@ -35,6 +39,21 @@ 67 ]; networking.firewall.allowedTCPPorts = [ 53 ]; + + networking.interfaces.${interface} = { + ipv4.addresses = [ + { + address = "10.1.1.2"; + prefixLength = 24; + } + ]; + useDHCP = false; + }; + + networking.defaultGateway = "10.1.1.1"; + + networking.nameservers = [ "127.0.0.1" ]; + environment.persistence."/persist".directories = [ "/var/lib/AdGuardHome" ]; From 84e19cb236692fb9d33d1d7b0ee77fbd231ae2a1 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Tue, 29 Apr 2025 12:21:12 +0200 Subject: [PATCH 09/12] Fix DNS --- modules/adguard-home/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/adguard-home/default.nix b/modules/adguard-home/default.nix index 4a472a2..cd9cec3 100644 --- a/modules/adguard-home/default.nix +++ b/modules/adguard-home/default.nix @@ -52,8 +52,6 @@ in networking.defaultGateway = "10.1.1.1"; - networking.nameservers = [ "127.0.0.1" ]; - environment.persistence."/persist".directories = [ "/var/lib/AdGuardHome" ]; From 70b61a74ae8e97d66e2d3bee90351c20ad07d1de Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Tue, 29 Apr 2025 12:21:20 +0200 Subject: [PATCH 10/12] New `alloy` module --- modules/alloy/default.nix | 53 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 modules/alloy/default.nix diff --git a/modules/alloy/default.nix b/modules/alloy/default.nix new file mode 100644 index 0000000..728ca28 --- /dev/null +++ b/modules/alloy/default.nix 
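Review bot: Ports 53 and 67 (the context lines at the top of this hunk) are still opened through the global `networking.firewall.allowedUDPPorts` and `allowedTCPPorts` lists, although the service is now tied to a single NIC through `interface`. Scoping them with `networking.firewall.interfaces.${interface}.allowedUDPPorts = [ 53 67 ];` and `networking.firewall.interfaces.${interface}.allowedTCPPorts = [ 53 ];` keeps DNS and DHCP closed on the other networks this host joins (sisko's module list also enables `zerotier`). The hard-coded `10.1.1.2/24` and gateway make this module specific to one host, so a comment saying so above the `let` would stop it being imported elsewhere by mistake. The module body starts and ends outside this hunk.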
@@ -0,0 +1,53 @@ +{ config, ... }: +{ + services.alloy = { + enable = true; + }; + environment.etc."alloy/config.alloy".text = '' + local.file_match "local_files" { + path_targets = [{ + __path__ = "/var/log/*.log", + }] + sync_period = "5s" + } + + loki.source.journal "systemd" { + max_age = "24h" + forward_to = [loki.write.default.receiver] + } + + loki.source.journal "kernel" { + max_age = "24h" + forward_to = [loki.write.default.receiver] + } + + loki.relabel "nixfleet_journal" { + forward_to = [] + rule { + source_labels = ["__journal__systemd_unit"] + target_label = "systemd_unit" + } + rule { + source_labels = ["__journal_syslog_identifier"] + target_label = "syslog_identifier" + } + } + + loki.source.journal "nixfleet_journal" { + forward_to = [loki.write.default.receiver] + relabel_rules = loki.relabel.nixfleet_journal.rules + format_as_json = true + } + + loki.write "default" { + endpoint { + url = "http://sisko.wg.aciceri.dev:${ + builtins.toString config.services.loki.configuration.server.http_listen_port or 3100 + }/loki/api/v1/push" + } + external_labels = { + host = "${config.networking.hostName}", + } + } + ''; +} From 60dce8e6810327136ec61770f1452a059014917e Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Tue, 29 Apr 2025 12:21:31 +0200 Subject: [PATCH 11/12] Use `alloy` on all the most used devices --- hosts/kirk/default.nix | 2 +- hosts/picard/default.nix | 2 +- hosts/pike/default.nix | 2 +- hosts/sisko/default.nix | 1 + hosts/tpol/default.nix | 1 + 5 files changed, 5 insertions(+), 3 deletions(-) diff --git a/hosts/kirk/default.nix b/hosts/kirk/default.nix index f08b669..72cebd5 100644 --- a/hosts/kirk/default.nix +++ b/hosts/kirk/default.nix @@ -33,7 +33,7 @@ "adb" "binfmt" "prometheus-exporters" - "promtail" + "alloy" "syncthing" "zerotier" ] diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix index 92783d6..3cbb5d2 100644 --- a/hosts/picard/default.nix +++ b/hosts/picard/default.nix 
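Review bot: The three `loki.source.journal` blocks (`"systemd"`, `"kernel"`, `"nixfleet_journal"`) set no `matches`, so each presumably reads the whole journal and every entry is pushed to Loki three times, two of them without the relabel rules. Keeping only `nixfleet_journal`, or giving the kernel source `matches = "_TRANSPORT=kernel"`, removes the duplicates; `local.file_match "local_files"` is likewise never consumed by a `loki.source.file` block and can go. The push URL is plain `http://` with no credentials, which is acceptable only if `sisko.wg.aciceri.dev` is reachable solely through the WireGuard tunnel its name suggests, since journal lines routinely carry usernames, addresses and command lines. A comment above `loki.write` stating that assumption would help, e.g. `// plain HTTP: endpoint is only reachable over WireGuard`.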
@@ -40,8 +40,8 @@ "mount-sisko" "adb" "prometheus-exporters" - # "promtail" "zerotier" + "alloy" ] ++ [ ./disko.nix ]; diff --git a/hosts/pike/default.nix b/hosts/pike/default.nix index d699e49..e5e6ca6 100644 --- a/hosts/pike/default.nix +++ b/hosts/pike/default.nix @@ -35,7 +35,7 @@ "mount-sisko" "adb" "prometheus-exporters" - # "promtail" + "alloy" "zerotier" ]; diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index 3d3fd83..9faac29 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -21,6 +21,7 @@ "grafana" "prometheus-exporters" "loki" + "alloy" "restic" "atuin" "immich" diff --git a/hosts/tpol/default.nix b/hosts/tpol/default.nix index d73b62b..a586bc0 100644 --- a/hosts/tpol/default.nix +++ b/hosts/tpol/default.nix @@ -24,6 +24,7 @@ "battery" "printing" "wireguard-client" + "alloy" ]; boot.initrd.availableKernelModules = [ From e6923afd011cc6855cee979207ff145f13e9c804 Mon Sep 17 00:00:00 2001 
From: Seven of Nine Date: Tue, 29 Apr 2025 15:02:05 +0000 Subject: [PATCH 12/12] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'emacs-overlay': 'github:nix-community/emacs-overlay/2a6d6d064e33d65dc660b65c28ce17195e539db6' (2025-04-28) → 'github:nix-community/emacs-overlay/841c18a6fe787b669ea362e3e14f54a5bd12a63c' (2025-04-29) • Updated input 'emacs-overlay/nixpkgs': 'github:NixOS/nixpkgs/f771eb401a46846c1aebd20552521b233dd7e18b' (2025-04-24) → 'github:NixOS/nixpkgs/5461b7fa65f3ca74cef60be837fd559a8918eaa0' (2025-04-27) • Updated input 'homeManager': 'github:nix-community/home-manager/be7cf1709b469a2a2c62169172a167d1fed3509f' (2025-04-28) → 'github:nix-community/home-manager/1ad123239957d40e11ef66c203d0a7e272eb48aa' (2025-04-29) • Updated input 'nixosHardware': 'github:NixOS/nixos-hardware/f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1' (2025-04-24) → 'github:NixOS/nixos-hardware/f1e52a018166e1a324f832de913e12c0e55792d0' (2025-04-29) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f771eb401a46846c1aebd20552521b233dd7e18b' (2025-04-24) → 'github:NixOS/nixpkgs/5461b7fa65f3ca74cef60be837fd559a8918eaa0' (2025-04-27) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/d1863f30d9ca67f679f9c2583d7adf674b5d9b8a' (2025-04-28) → 'github:numtide/treefmt-nix/82bf32e541b30080d94e46af13d46da0708609ea' (2025-04-29) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 4c86252..a9bc533 100644 --- a/flake.lock +++ b/flake.lock 
@@ -122,11 +122,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1745830889, - "narHash": "sha256-P51C3ennff9hNhHr6SsxowZKpbPsa2U4DjC+DIu4Lyg=", + "lastModified": 1745921824, + "narHash": "sha256-8FFSHBE0HgW0HGrTULbaUVH29aeVP31Clf2HDtDfqaE=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "2a6d6d064e33d65dc660b65c28ce17195e539db6", + "rev": "841c18a6fe787b669ea362e3e14f54a5bd12a63c", "type": "github" }, "original": { @@ -387,11 +387,11 @@ ] }, "locked": { - "lastModified": 1745810134, - "narHash": "sha256-WfnYH/i7DFzn4SESQfWviXiNUZjohZhzODqLwKYHIPI=", + "lastModified": 1745894335, + "narHash": "sha256-m47zhftaod/oHOwoVT25jstdcVLhkrVGyvEHKjbnFHI=", "owner": "nix-community", "repo": "home-manager", - "rev": "be7cf1709b469a2a2c62169172a167d1fed3509f", + "rev": "1ad123239957d40e11ef66c203d0a7e272eb48aa", "type": "github" }, "original": { @@ -569,11 +569,11 @@ }, "nixosHardware": { "locked": { - "lastModified": 1745503349, - "narHash": "sha256-bUGjvaPVsOfQeTz9/rLTNLDyqbzhl0CQtJJlhFPhIYw=", + "lastModified": 1745907084, + "narHash": "sha256-Q8SpDbTI95vtKXgNcVl1VdSUhhDOORE8R77wWS2rmg8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1", + "rev": "f1e52a018166e1a324f832de913e12c0e55792d0", "type": "github" }, "original": { @@ -711,11 +711,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1745526057, - "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", + "lastModified": 1745794561, + "narHash": "sha256-T36rUZHUART00h3dW4sV5tv4MrXKT7aWjNfHiZz7OHg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f771eb401a46846c1aebd20552521b233dd7e18b", + "rev": "5461b7fa65f3ca74cef60be837fd559a8918eaa0", "type": "github" }, "original": { 
@@ -742,11 +742,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1745526057, - "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", + "lastModified": 1745794561, + "narHash": "sha256-T36rUZHUART00h3dW4sV5tv4MrXKT7aWjNfHiZz7OHg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f771eb401a46846c1aebd20552521b233dd7e18b", + "rev": "5461b7fa65f3ca74cef60be837fd559a8918eaa0", "type": "github" }, "original": { @@ -1009,11 +1009,11 @@ ] }, "locked": { - "lastModified": 1745829891, - "narHash": "sha256-aRkV0ZpfT/ERgRlGrbgjHFRcEWdseltSO+wPnpdPYKg=", + "lastModified": 1745929750, + "narHash": "sha256-k5ELLpTwRP/OElcLpNaFWLNf8GRDq4/eHBmFy06gGko=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "d1863f30d9ca67f679f9c2583d7adf674b5d9b8a", + "rev": "82bf32e541b30080d94e46af13d46da0708609ea", "type": "github" }, "original": {